research-article

Formal Verification of Security Critical Hardware-Firmware Interactions in Commercial SoCs

Authors:

Ramya Jayaram Masti,

Arun Kanuparthi,

Jason M. FungAuthors Info & Claims

DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019

Article No.: 43, Pages 1 - 4

https://doi.org/10.1145/3316781.3323478

Published: 02 June 2019 Publication History

Abstract

We present an effective methodology for formally verifying security-critical flows in a commercial System-on-Chip (SoC) which involve extensive interaction between firmware (FW) and hardware (HW). We describe several HW-FW interaction scenarios that are typical in commercial SoCs. We highlight unique challenges associated with formal verification of security properties of such interactions and discuss our approach of property-specific abstraction and software model checking to circumvent those challenges. To the best of our knowledge, this is the first exposition on formal co-verification of security-specific HW-FW interactions in the context and scale of a commercial SoCs. Despite traditional scalability challenges, we demonstrate that many such flows are amenable to effective formal verification.

References

[1]

A. Horn, et al. 2013. Formal co-validation of low-level hardware/software interfaces. In FMCAD. 121--128.

[2]

A. Lal, et al. 2012. A solver for reachability modulo theories. In CAV. Springer, 427--443.

Digital Library

[3]

AMD. 2012. AMD SB800-Series Southbridges BIOS Developer's Guide. https://www.amd.com/system/files/TechDocs/45483.pdf.

[4]

Apple. 2018. Apple BootROM 574.4. https://goo.gl/q3m5Ky.

[5]

ARM. 2012. Principles of ARM® Memory Maps. https://goo.gl/oPVv55.

[6]

B. Huang et al. 2018. Formal Security Verification of Concurrent Firmware in SoCs using Instruction-Level Abstraction for Hardware. 55th DAC (2018).

Digital Library

[7]

B. Schmidt, et al. 2013. A computational model for SAT-based verification of hardware-dependent low-level embedded system software. In 18th ASP-DAC.

[8]

Cook, B. et al. 2018. Model Checking Boot Code from AWS Data Centers. In Computer Aided Verification (CAV) (LNCS), Vol. 10982. Springer, 467--486.

[9]

D. Große et al. 2006. HW/SW co-verification of embedded systems using bounded model checking. In 16th ACM GLSVLSI. ACM, 43--48.

Digital Library

[10]

E. Peeters, et al. 2015. SoC Security Architecture: Current Practices and Emerging Needs. In 52nd DAC. Article 144, 6 pages.

Digital Library

[11]

Intel. 2010. Minimal Intel Architecture Boot Loader. https://goo.gl/KLdq6a.

[12]

M. Balliu, et al. 2014. Automating Information Flow Analysis of Low Level Code. In ACM CCS. 1080--1091.

Digital Library

[13]

M. D. Nguyen, et al. 2011. Formal hardware/software co-verification by interval property checking with abstraction. In 48th DAC. 510--515.

Digital Library

[14]

P. Subramanyan, et al. 2016. Verifying Information Flow Properties of Firmware Using Symbolic Execution. In DATE. 337--342.

Digital Library

[15]

P. Subramanyan et al. 2017. Template-based Parameterized Synthesis of Uniform Instruction-Level Abstractions for SoC Verification. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (2017).

[16]

R. Mukherjee, et al. 2017. Formal Techniques for Effective Co-verification of Hardware/Software Co-designs. In 54th DAC. Article 35, 6 pages.

Digital Library

[17]

S. Krstic, et al. 2014. Security of SoC firmware load protocols. In HOST. IEEE, 70--75.

[18]

S. Ray, et al. 2015. Security Policy Enforcement in Modern SoC Designs. In ICCAD (ICCAD '15). 345--350.

Digital Library

[19]

S. Ray, et al. 2018. System-on-Chip platform security assurance: architecture and validation. Proc. IEEE 106, 1 (2018), 21--37.

[20]

Y. Abarbanel, et al. 2014. Validation of SoC Firmware-Hardware Flows: Challenges and Solution Directions. In 51st DAC (DAC '14). Article 2, 4 pages.

Digital Library

[21]

Z. Rakamarić, et al. 2014. SMACK: Decoupling source language details from verifier implementations. In CAV. Springer, 106--113.

Digital Library

Cited By

Liu WTan BFung JChakrabarty K(2024)Theoretical Patchability Quantification for IP-Level Hardware Patching Designs2024 29th Asia and South Pacific Design Automation Conference (ASP-DAC)10.1109/ASP-DAC58780.2024.10473895(951-956)Online publication date: 22-Jan-2024
https://doi.org/10.1109/ASP-DAC58780.2024.10473895
Qin MZhu JMao BHu W(2024)Hardware/software security co-verification and vulnerability detection: An information flow perspectiveIntegration10.1016/j.vlsi.2023.10208994(102089)Online publication date: Jan-2024
https://doi.org/10.1016/j.vlsi.2023.102089
Kastner RRestuccia FMeza ARay SFung JSturton COshana R(2022)Automating hardware security property generationProceedings of the 59th ACM/IEEE Design Automation Conference10.1145/3489517.3530637(1384-1387)Online publication date: 10-Jul-2022
https://dl.acm.org/doi/10.1145/3489517.3530637
Show More Cited By

Formal Verification of Security Critical Hardware-Firmware Interactions in Commercial SoCs
1. Security and privacy
  1. Systems security

Recommendations

Formal security verification of concurrent firmware in SoCs using instruction-level abstraction for hardware
DAC '18: Proceedings of the 55th Annual Design Automation Conference

Formal security verification of firmware interacting with hardware in modern Systems-on-Chip (SoCs) is a critical research problem. This faces the following challenges: (1) design complexity and heterogeneity, (2) semantics gaps between software and ...
Formal verification of ASMs using MDGs

We present a framework for the formal verification of abstract state machine (ASM) designs using the multiway decision graphs (MDG) tool. ASM is a state based language for describing transition systems. MDG provides symbolic representation of transition ...
Formal verification in hardware design: a survey

In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing.

There are two ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019

June 2019

1378 pages

ISBN:9781450367257

DOI:10.1145/3316781

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGDA: ACM Special Interest Group on Design Automation
IEEE-CEDA

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

DAC '19

Sponsor:

SIGDA

DAC '19: The 56th Annual Design Automation Conference 2019

June 2 - 6, 2019

NV, Las Vegas, USA

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
376
Total Downloads

Downloads (Last 12 months)44
Downloads (Last 6 weeks)3

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Liu WTan BFung JChakrabarty K(2024)Theoretical Patchability Quantification for IP-Level Hardware Patching Designs2024 29th Asia and South Pacific Design Automation Conference (ASP-DAC)10.1109/ASP-DAC58780.2024.10473895(951-956)Online publication date: 22-Jan-2024
https://doi.org/10.1109/ASP-DAC58780.2024.10473895
Qin MZhu JMao BHu W(2024)Hardware/software security co-verification and vulnerability detection: An information flow perspectiveIntegration10.1016/j.vlsi.2023.10208994(102089)Online publication date: Jan-2024
https://doi.org/10.1016/j.vlsi.2023.102089
Kastner RRestuccia FMeza ARay SFung JSturton COshana R(2022)Automating hardware security property generationProceedings of the 59th ACM/IEEE Design Automation Conference10.1145/3489517.3530637(1384-1387)Online publication date: 10-Jul-2022
https://dl.acm.org/doi/10.1145/3489517.3530637
Seo JChoi SLee JKim SCheong WYoo BSong Y(2022)Enhancement of Emulation Usage for NVMe Solid State Drive2022 19th International SoC Design Conference (ISOCC)10.1109/ISOCC56007.2022.10031432(382-383)Online publication date: 19-Oct-2022
https://doi.org/10.1109/ISOCC56007.2022.10031432
Tan BElnaggar RFung JKarri RChakrabarty K(2021)Toward Hardware-Based IP Vulnerability Detection and Post-Deployment Patching in Systems-on-ChipIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2020.301977240:6(1158-1171)Online publication date: Jun-2021
https://doi.org/10.1109/TCAD.2020.3019772

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten